Overview: This host is running evalSMSI and is prone to multiple vulnerabilities.

Vulnerability Insight: The multiple flaws are due to: - Input passed to the 'query' parameter in ajax.php (when 'question' action is set), 'return' parameter in ajax.php and while writing comments to assess.php page (when 'continue_assess' action is set) is not properly sanitised before being used in SQL queries. - The passwords are stored in plaintext in the database, which allows attackers with database access to gain privileges.